SMBleed Vulnerability (CVE-2020-1206): “An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka Windows SMBv3 Client/Server Information Disclosure Vulnerability.”
SMB is a protocol that provides a rich set of features such as file sharing, network browsing, printing services and interprocess communication over a network.
An information disclosure vulnerability exists in SMBv3 on Microsoft Windows. The vulnerability allows a malicious user to obtain sensitive information by leaking kernel memory remotely, and is caused by improper handling of requests by the Server Message Block (SMBv3) protocol.
To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it.
The SMBleed Vulnerability (CVE-2020-1206) stems from a flaw that resides in SMB’s decompression function, i.e., a buffer overflow vulnerability exists in the handling of compressed data packets.
A similar vulnerability (SMBGhost) that exploits the decompression function of SMB came to light a few months prior to SMBleed. Chaining SMBleed with SMBGhost could allow attackers to carry out more dangerous attacks.
A remote unauthenticated attacker can obtain sensitive information from kernel memory and then use this information to launch further attacks against the affected system.
Category: Information Disclosure
CVSS 3.1 Base Score: 7.5 High
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Security updates to fix the SMBleed Vulnerability (CVE-2020-1206) have been provided for Windows 10 and Windows Servers.
As a workaround, SMBv3 compression can be disabled to prevent attacks against the SMBv3 Server. Note that disabling SMBv3 compression will not prevent the exploitation of SMB clients.
Alternatively, as a workaround, TCP port 445 can be blocked on firewalls and client computers.
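The two workarounds above can be audited and applied from an elevated PowerShell prompt. The script below is an added example, not part of the original advisory: the `DisableCompression` registry value is the one Microsoft documents for turning off SMBv3 server compression, while the firewall rule name and the choice of a host-level inbound rule are assumptions made for illustration.

```powershell
# Added example: audit and optionally apply the two workarounds described above.
# Run elevated. Without -Apply the script only reports the current state.
param([switch]$Apply)

# Registry location of the SMB server setting (from Microsoft's published workaround).
$key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ruleName = 'Block inbound SMB 445 (SMBleed workaround)'   # hypothetical rule name

function Get-SmbCompressionDisabled {
    # Returns $true only when DisableCompression exists and is set to 1.
    $p = Get-ItemProperty -Path $key -Name DisableCompression -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.DisableCompression -eq 1)
}

function Get-Inbound445BlockRules {
    # Enabled inbound block rules whose port filter lists TCP 445 explicitly.
    # Rules that cover 445 only through a port range are not detected here.
    Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -eq 'TCP' -and $f.LocalPort -contains '445'
        }
}

$compressionOff = Get-SmbCompressionDisabled
$blockRules     = @(Get-Inbound445BlockRules)
"SMBv3 server compression disabled: $compressionOff"
"Inbound TCP 445 block rules:       $($blockRules.Count)"

if ($Apply) {
    if (-not $compressionOff) {
        # Server-side workaround only; SMB clients on this host stay exposed.
        Set-ItemProperty -Path $key -Name DisableCompression -Type DWord -Value 1 -Force
        "DisableCompression now set: $(Get-SmbCompressionDisabled)"
    }
    if ($blockRules.Count -eq 0) {
        # Intended for client computers; on a file server this stops file sharing.
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block | Out-Null
        "Created firewall rule '$ruleName'"
    }
}
```

Run it once without `-Apply` to record the current state, then with `-Apply` on hosts where the security update cannot be installed yet.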
To learn more about SMB related vulnerabilities, you could also read our article SMBGhost Vulnerability (CVE-2020-0796).